HIPAA In A Nutshell - Guidelines For EMR And Paper Medical Records Compliance
HIPAA in a “nutshell”
There are two HIPAA rule requirements: privacy (2003) and security (2005). Both rules require:
-Identifying possible threats,
-Assessing specific vulnerabilities,
-Determining appropriate and reasonable safeguards and
-Implementing the necessary defense mechanisms and policies.
When using an EMR (electronic medical record), there are no absolute rights and wrongs in either computer equipment or software for HIPAA compliance. Usually there are four areas to examine:
-Physical Security – can your computers with patient data be stolen?
-User Security – can anybody log on to the patient database?
-System Security – what happens on a hard drive crash?
-Network Security – can unauthorized persons outside your facility access patient data?

